Volume 1, Chapter 3 - Under Secretary of Defense

DoD 7000.14-R

2B

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

VOLUME 1, CHAPTER 3: "FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT OF 1996 COMPLIANCE, EVALUATION, AND

REPORTING"

SUMMARY OF MAJOR CHANGES

All changes are denoted by blue font.

Substantive revisions are denoted by an * symbol preceding the section, paragraph, table, or figure that includes the revision.

Unless otherwise noted, chapters referenced are contained in this volume.

Hyperlinks are denoted by bold, italic, blue and underlined font.

The previous version dated February 2005 is archived.

PARAGRAPH

EXPLANATION OF CHANGE/REVISION

ALL

Complete rewrite of policy to align Federal Financial

Management Improvement Act (FFMIA) compliance with

the related efforts to achieve auditability.

PURPOSE Revision

0301

As recommended by the Government Accountability Office Revision

(GAO) report #GAO/AMID 97-29 (Financial Management,

DoD Inventory of Financial Management Systems Is

Incomplete) dated January 1997, this chapter has been

changed to include mixed systems in the definition of

financial management systems based on the definition cited

in Office of Management and Budget (OMB) Circular 127.

3-1

DoD 7000.14-R

2B

Financial Management Regulation Table of Contents

Volume 1, Chapter 3 * October 2008

VOLUME 1, CHAPTER 3: "FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT OF 1996 COMPLIANCE, EVALUATION, AND REPORTING"....................................... 1

*0301 PURPOSE AND AUTHORITATIVE GUIDANCE .................................................. 3

030101. 030102. 030103.

Purpose ................................................................................................................. 3 Authoritative Guidance ........................................................................................ 3 Scope and Applicability ....................................................................................... 3

*0302 BACKGROUND ........................................................................................................ 4

030201. 030202. 030203.

FFMIA Requirements .......................................................................................... 4 FFMIA Federal Manager Responsibilities........................................................... 4 FFMIA Compliance Measurement ...................................................................... 4

*0303 POLICY ...................................................................................................................... 5

030301. 030302. 030303.

Internal Controls over Financial Reporting.......................................................... 5 FFMIA Compliance ............................................................................................. 5 The FFMIA Compliance Process ......................................................................... 7

*0304 DEFINITIONS............................................................................................................ 9

030401. 030402. 030403. 030404. 030405. 030406. 030407. 030408.

Integrated Financial Management System (IFMS) .............................................. 9 Information Systems ............................................................................................ 9 Financial Systems................................................................................................. 9 Non-Financial Systems ...................................................................................... 10 Mixed System..................................................................................................... 10 Financial Management System .......................................................................... 10 Federal Accounting Standards ........................................................................... 10 Financial Event................................................................................................... 11

*0305 RESPONSIBILITIES ............................................................................................... 11

030501. 030502. 030503.

Overview ............................................................................................................ 11 Governance......................................................................................................... 11 Execution............................................................................................................ 12

3-2

DoD 7000.14-R

2B

*

Financial Management Regulation CHAPTER 3

Volume 1, Chapter 3 * October 2008

FEDERAL FINANCIAL MANAGEMENT IMPROVEMENT ACT OF 1996 COMPLIANCE, EVALUATION, AND REPORTING

*0301 PURPOSE AND AUTHORITATIVE GUIDANCE

030101.

Purpose

This chapter provides Department of Defense (DoD) policies for evaluating, achieving, and reporting compliance with the Federal Financial Management Improvement Act (FFMIA) of 1996, Pub. Law No. 104-208, section 801, 31 U.S.C. 3512, note. The FFMIA provides specific requirements to Chief Financial Officer Act agencies and requires auditors to assess Agency compliance during financial statement audits.

030102.

Authoritative Guidance

The Office of Management and Budget (OMB) Circulars A-123, "Management's Responsibility for Internal Control," and A-127, "Financial Management Systems," provide policies and procedures to be followed in developing, operating, evaluating, and reporting on financial management systems, which are to be addressed in the agencies' annual statement on whether its financial management systems conform to government-wide requirements. They and prescribe policies and standards for Federal Agencies to follow in developing, operating, evaluating, and reporting on financial management systems. As outlined in this chapter, the DoD policy applicable to achieving FFMIA compliance and structure is consistent with OMB Circular A-127 and reflects guidelines to aid DoD entities in achieving compliance with the FFMIA in the period before auditability.

030103.

Scope and Applicability

This chapter defines and prescribes the following:

A. Integrated Financial Management Systems (IFMS).

B. FFMIA compliance, to include timeframes when target IFMS and Financial Systems must be evaluated for FFMIA compliance; how (and by whom) target IFMS and Financial Systems are evaluated and tested for FFMIA compliance; and how and when compliance is reported, measured, and monitored.

C. Applicability (Reporting Entities for FFMIA purposes).

D. Criteria for determining which financial and mixed systems must be evaluated for FFMIA compliance.

E. Requirements for developing, maintaining, and executing remediation plans when a Department of Defense (DoD) Component is not in compliance with FFMIA.

3-3

DoD 7000.14-R

2B

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

F. Roles and responsibilities of the Office of the Secretary of Under Secretary of Defense (Comptroller) (OUSD (C)) and DoD Components.

*0302 BACKGROUND

030201.

FFMIA Requirements

FFMIA requires adherence with:

A. Federal financial management system requirements as defined by the Financial Systems Integration Office.

B. Federal accounting standards.

C. The United States Standard General Ledger at the transaction level.

030202.

FFMIA Federal Manager Responsibilities

The FFMIA provides the basis for the development and implementation of financial systems (to include mixed systems) that provide reliable financial management information. The intent of this Act is to provide standard guidance for Federal Agencies to follow in developing usable systems that support federal manager responsibilities to:

A. Provide reliable and timely financial information for managing current operations,

Prepare financial statements and other required financial and budget reports, and

B. Account for their assets reliably, in order to protect them from loss, misappropriation, or destruction.

030203.

FFMIA Compliance Measurement

FFMIA compliance is measured at the Reporting Entity level and requires:

A. Annual assessments reported by the Agency/Entity Head.

B. Formal remediation plans when IFMS or financial systems fail to comply.

C. Assessments by auditors during financial statement audits.

3-4

DoD 7000.14-R

2B

*0303 POLICY

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

030301.

Internal Controls over Financial Reporting

The DoD approach to FFMIA compliance capitalizes on the related efforts to achieve auditability and to maintain effective internal controls over financial reporting (ICOFR). These related efforts, guided by OMB Circular 123 (Management's Responsibility for Internal Controls) and OMB Circular 136 (Financial Reporting Requirements), strive to achieve many of the same objectives as the objectives of the FFMIA. As a result, much of the documentation and testing in support of the auditability and ICOFR also supports the Department's efforts to become FFMIA compliant.

030302.

FFMIA Compliance

The following defines the FFMIA compliance approach in order to help ensure that the Department addresses these related requirements efficiently:

A. Reporting Entities. All DoD Components must adhere to the FFMIA and OMB Circular A-127 requirements. All DoD Reporting Entities listed in Volume 6B, Chapter 1, paragraphs 010601, 010602, and 010605 are directed to report their compliance with FFMIA as part of their Annual Statement of Assurance beginning in fiscal year 2010, as required by the Federal Managers Financial Integrity Act and guidance issued annually by the OUSD(C). The FFMIA compliance of individual financial and mixed systems are also to be identified in the DoD Information Technology Portfolio Repository (DITPR) as part of the annual review process for Defense business systems undertaken in accordance with the accountability requirements of 10 U.S.C. 2222.

B. Responsible Parties

1. The Head of each DoD Reporting Entity, as defined in subparagraph 030302.A, is responsible for planning, testing, evaluating, remediating, and reporting remediation action progress and results. The entity Head may delegate these responsibilities.

2. The entity Head or delegate may rely on independent internal or external resources (e.g., Service Audit Agency, DoD Inspector General, Independent Public Accounting (IPA) firms) for FFMIA testing and evaluation and should ensure resources employed are objective and sufficiently qualified to perform the evaluation. The Government Accountability Office's (GAO) Government Auditing Standards and the American Institute of Certified Public Accountants Statement on Auditing Standards Number 1, Section 210 both provide guidance regarding qualifications for personnel performing program and financial statement audits.

3-5

DoD 7000.14-R

2B

C.

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

Compliance/Remediation Planning and Monitoring

1. DoD Financial Improvement and Audit Readiness (FIAR) Plan. The FIAR Plan is the Department's comprehensive compliance and remediation plan for:

a. Improving financial information.

b. Preparing for future financial statement audits based on incremental efforts focused on end-to-end business process segments, implementing OMB Circular 123, Appendix A (i.e., documenting, testing and strengthening financial controls at the transaction level).

c. Working concurrently to also achieve FFMIA compliance by end-to-end business process segment.

2. Target Integrated Financial Management System (IFMS). Each DoD Reporting Entity as defined in subparagraph 030302.A, shall document their target IFMS in their FIAR Plan and the DoD Enterprise Transition Plan. The target IFMS is the IFMS the entity plans to be using when the entire Reporting Entity achieves auditability. If a system is not planned to be a component of the target auditable IFMS, then it should not be evaluated based on the following criteria for FFMIA compliance.

a. Specific system, module, or components of the target IFMS shall be identified and associated with segments and end-to-end business process in the FIAR Plan.

b. Each system, module, or component of the target IFMS must be recorded in the DoD Financial Management System Inventories maintained in the DITPR in accordance with DoD policies and requirements.

c. The target IFMS must be consistent with the Financial Management System Inventory reported to OMB annually.

3. Testing Plan. The schedule for testing the individual components or defined group of components of the target IFMS shall be consistent with and in support of the management assertion plans and timelines in the entity's Financial Improvement Plan (FIP) and in the DoD FIAR Plan. Test plans for individual components of the target IFMS must consider the inter-operability of all operational components of the Reporting Entity's target IFMS.

4. Remediation Plan. Testing of individual target IFMS components is expected to identify instances of non-compliance with FFMIA requirements. When such instances are identified, the Reporting Entity shall develop and document corrective actions and include them in their FIP and the DoD FIAR Plan. The remediation plan must specify a completion date for planned compliance with FFMIA requirements in accordance with FIAR Plan milestone guidance.

3-6

DoD 7000.14-R

2B

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

5. Reporting FFMIA Evaluation Results. Each DoD Reporting Entity must report the results of their evaluation of FFMIA compliance in the Statement of Assurance required by OMB Circular A-123 beginning in fiscal year 2010. If the agency's systems do not substantially conform to financial systems requirements, the Statement of Assurance must list the reasons for nonconformance and provide the agency's plans for bringing its systems into substantial compliance. Financial management systems include both financial and mixed systems.

030303.

The FFMIA Compliance Process

A. The OUSD(C), Directorate for Financial Improvement and Audit Reporting (FIAR) shall annually update and publish the Department's FIAR Plan guidance.

B. The FIAR Plan guidance shall:

1. Provide direction for conducting the FIAR Plan Discovery and Correction phase, implementation of OMB Circular A-123, Appendix A, within DoD, and working to achieve FFMIA compliance concurrently with efforts to achieve auditability.

2. Provide direction for development and preparation of segment management assertion packages and for the conduct of independent segment validations that will eventually be replaced by audits performed in accordance with GAO and OMB guidance.

3. Contain the following information:

a. Definition and Documentation. Include requirements for documenting each Reporting Entity target IFMS.

b. Evaluation requirements for Reporting Entity target IFMS. In addition to the segments directed for inclusion in the FIAR Plan, each Reporting Entity shall identify other significant segments and the elements of the segments that are significant to their financial management and reporting and include evaluation and corrective action plans in their FIPs. The GAO/President's Council on Integrity and Efficiency (PCIE) Financial Audit Manual, Section 240 provides guidance on how to identify significant elements of the target IFMS.

c. Test and Assess Compliance of Material/Significant Segments. The entity Head shall use procedures as described in the FIAR Plan guidance and the GAO/PCIE Financial Audit Manual to assess the compliance of each segment with FFMIA requirements before submitting a Management Assertion that audit readiness was achieved for that segment. Refer to the OMB FFMIA Implementation guidance for indicators of FFMIA compliance.

3-7

DoD 7000.14-R

2B

Financial Management Regulation

Volume 1, Chapter 3 * October 2008

d. Test and Assess Compliance of Material/Significant Segment Components. Since entire segments may not reach their target state for some time, it may be advantageous for an entity to test and assess individual components of the target segment before the entire target segment is in place. The entity Head shall use guidance and procedures as described in the FIAR Plan and the GAO/PCIE Financial Audit Manual, to assess the compliance of selected process segment components with FFMIA requirements.

e. Reporting Entity Test and Assessment Submissions. Each Reporting Entity should document the procedures used to select the FFMIA requirements applicable to a given segment and exercise care to ensure that there are no gaps of requirements within a segment. At a minimum, entities must test and evaluate the following before submitting a full segment compliance assessment.

(1). Software Acquisitions. Before Acquisition Milestone A, as defined by DoD Instruction 5000.2, "Operation of the Defense Acquisition System," software requirements should be evaluated to ensure that they include the FFMIA requirements for the process segments the software will support. Financial Management software acquisitions that have been designated as a Major Automated Information System (MAIS) by the Acquisition Executive must be tested and evaluated for compliance with FFMIA requirements after development and before Acquisition Milestone C.

(2). Processes, Procedures, Controls, and Data Standards. Significant target processes, procedures, controls, and data standards already in existence should be tested and evaluated to ensure they are operating effectively and as designed. This should be scheduled in accordance with the segment plan in the Reporting Entity FIP and FIAR Plan.

(3). Existing Software. Significant existing software components of the target FMS should be evaluated for FFMIA requirement compliance. This should be scheduled in accordance with the segment plan in the Reporting Entity's FIP and FIAR Plan. This applies to both core financial systems and mixed systems.

(4). Third-Party Software Provided as a Service. Entities may rely on FFMIA requirement testing performed by other entities provided that an assessment of the testing scope indicates that all requirements fulfilled by the software for the entity were tested in the previous test. The Reporting Entity remains responsible to ensure that third-party software meets applicable requirements. Upon determining that any third-party software is a significant component of the Reporting Entity's target IFMS, the Reporting Entity shall coordinate with the service provider to conduct appropriate testing of the software.

C. Maintaining Compliance. The FIAR Plan guidance shall prescribe and define mandatory practices for maintaining auditability subsequent to assertion and validation. These same practices shall be applied to maintain compliance with FFMIA requirements.

3-8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download